[Samba] Samba + Winbind help
Rowland Penny
rpenny at samba.org
Mon Nov 17 19:58:31 UTC 2025
On Mon, 17 Nov 2025 19:14:49 +0000
Eric Gurevitz via samba <samba at lists.samba.org> wrote:
> Mike,
>
> I run a very similar setup. I see a few things missing. Where is
> your AD info for the join to the domain? In /etc/nsswitch.conf there
> is no need for winbind if you are not going to use AD for auth on
> Linux.
You need winbind for authentication if you are running Samba as a Unix
domain member.
> I only use AD to authenticate the users coming in via samba
> and then Linux UID and GID determine the access.
Where do get the UID & GIDs from ?
>
> If you want samba to use Linux UID and GID, I use a user map script:
>
> username map script = /etc/samba/usermap.sh
Ah, there, next question, WHY ?
>
> cat /etc/samba/usermap.sh
> #!/bin/bash
> ACCOUNTNAME="$1"
> echo "${ACCOUNTNAME}" | sed -e 's/[^\\]*\\//'
> exit 0
I use the 'rid' idmap backend and I just use Samba (with winbind) and
Unix knows who I am:
getent passwd rowland
rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash
No usermap!
>
> Last time I sent the info, Roland here told me this. I have not tried
> this. 'winbind use default domain = yes' in your smb.conf, it will
> give you the same effect as your script.
Yes 'winbind use default domain = yes' will remove the NetBIOS domain
name from the username, but it is only usable with a single domain
setup.
Rowland
More information about the samba
mailing list